1
0
mirror of https://github.com/janeczku/calibre-web synced 2024-11-28 20:39:59 +00:00

password validation working

This commit is contained in:
Ozzieisaacs 2022-06-16 11:15:17 +02:00
parent d6a31e5db8
commit 04326af2da
5 changed files with 28 additions and 15 deletions

View File

@ -1778,7 +1778,7 @@ def _configuration_update_helper():
_config_checkbox(to_save, "config_password_upper") _config_checkbox(to_save, "config_password_upper")
_config_checkbox(to_save, "config_password_special") _config_checkbox(to_save, "config_password_special")
_config_int(to_save, "config_password_min_length") _config_int(to_save, "config_password_min_length")
_config_int(to_save, "config_session") reboot_required |= _config_int(to_save, "config_session")
# Rarfile Content configuration # Rarfile Content configuration
_config_string(to_save, "config_rarfile_location") _config_string(to_save, "config_rarfile_location")

View File

@ -25,10 +25,6 @@ var i18n = {};
wordTwoCharacterClasses: 'Use different character classes', wordTwoCharacterClasses: 'Use different character classes',
wordRepetitions: 'Too many repetitions', wordRepetitions: 'Too many repetitions',
wordSequences: 'Your password contains sequences', wordSequences: 'Your password contains sequences',
// wordLowercase: "Use at least one lowercase character",
// wordUppercase: "Use at least one uppercase character",
// wordOneNumber: "Use at least one number",
// wordOneSpecialChar: "Use at least one special character",
errorList: 'Errors:', errorList: 'Errors:',
veryWeak: 'Very Weak', veryWeak: 'Very Weak',
weak: 'Weak', weak: 'Weak',
@ -376,7 +372,7 @@ defaultOptions.rules.activated = {
wordIsACommonPassword: true wordIsACommonPassword: true
}; };
defaultOptions.rules.raisePower = 1.4; defaultOptions.rules.raisePower = 1.4;
defaultOptions.rules.specialCharClass = '[!,@,#,$,%,^,&,*,?,_,~]'; defaultOptions.rules.specialCharClass = "(?=.*?[^A-Za-z\s0-9])"; //'[!,@,#,$,%,^,&,*,?,_,~]';
// List taken from https://github.com/danielmiessler/SecLists (MIT License) // List taken from https://github.com/danielmiessler/SecLists (MIT License)
defaultOptions.rules.commonPasswords = [ defaultOptions.rules.commonPasswords = [
'123456', '123456',

View File

@ -37,20 +37,21 @@ $(document).ready(function() {
showVerdicts: false, showVerdicts: false,
} }
options.rules= { options.rules= {
specialCharClass: "(?=.*?[^A-Za-z\\s0-9])",
activated: { activated: {
wordNotEmail: false, wordNotEmail: false,
wordMinLength: $('#password').data("min") ? true : false, wordMinLength: $('#password').data("min"),
// wordMaxLength: false, // wordMaxLength: false,
// wordInvalidChar: true, // wordInvalidChar: true,
wordSimilarToUsername: false, wordSimilarToUsername: false,
wordSequences: false, wordSequences: false,
wordTwoCharacterClasses: false, wordTwoCharacterClasses: false,
wordRepetitions: false, wordRepetitions: false,
wordLowercase: $('#password').data("lower") ? true : false, wordLowercase: $('#password').data("lower") === "True" ? true : false,
wordUppercase: $('#password').data("upper") ? true : false, wordUppercase: $('#password').data("upper") === "True" ? true : false,
wordOneNumber: $('#password').data("number") ? true : false, wordOneNumber: $('#password').data("number") === "True" ? true : false,
wordThreeNumbers: false, wordThreeNumbers: false,
wordOneSpecialChar: $('#password').data("special") ? true : false, wordOneSpecialChar: $('#password').data("special") === "True" ? true : false,
// wordTwoSpecialChar: true, // wordTwoSpecialChar: true,
wordUpperLowerCombo: false, wordUpperLowerCombo: false,
wordLetterNumberCombo: false, wordLetterNumberCombo: false,

View File

@ -400,7 +400,6 @@
</div> </div>
</div> </div>
</div> </div>
</div>
</div> </div>
<div class="col-sm-12"> <div class="col-sm-12">
<button type="button" name="submit" id="config_submit" class="btn btn-default">{{_('Save')}}</button> <button type="button" name="submit" id="config_submit" class="btn btn-default">{{_('Save')}}</button>

View File

@ -23,6 +23,7 @@ import json
import mimetypes import mimetypes
import chardet # dependency of requests import chardet # dependency of requests
import copy import copy
import re
from flask import Blueprint, jsonify from flask import Blueprint, jsonify
from flask import request, redirect, send_from_directory, make_response, flash, abort, url_for from flask import request, redirect, send_from_directory, make_response, flash, abort, url_for
@ -55,6 +56,7 @@ from .kobo_sync_status import remove_synced_book
from .render_template import render_title_template from .render_template import render_title_template
from .kobo_sync_status import change_archived_books from .kobo_sync_status import change_archived_books
feature_support = { feature_support = {
'ldap': bool(services.ldap), 'ldap': bool(services.ldap),
'goodreads': bool(services.goodreads_support), 'goodreads': bool(services.goodreads_support),
@ -1355,10 +1357,25 @@ def logout():
def change_profile(kobo_support, local_oauth_check, oauth_status, translations, languages): def change_profile(kobo_support, local_oauth_check, oauth_status, translations, languages):
to_save = request.form.to_dict() to_save = request.form.to_dict()
current_user.random_books = 0 current_user.random_books = 0
if current_user.role_passwd() or current_user.role_admin():
if to_save.get("password"):
current_user.password = generate_password_hash(to_save.get("password"))
try: try:
if current_user.role_passwd() or current_user.role_admin():
if to_save.get("password"):
if config.config_password_policy:
verify = ""
if config.config_password_min_length > 0:
verify += "^(?=\S{" + str(config.config_password_min_length) + ",}$)"
if config.config_password_number:
verify += "(?=.*?\d)"
if config.config_password_lower:
verify += "(?=.*?[a-z])"
if config.config_password_upper:
verify += "(?=.*?[A-Z])"
if config.config_password_special:
verify += "(?=.*?[^A-Za-z\s0-9])"
match = re.match(verify, to_save.get("password"))
if not match:
raise Exception(_("Password doesn't comply with password validation rules"))
current_user.password = generate_password_hash(to_save.get("password"))
if to_save.get("kindle_mail", current_user.kindle_mail) != current_user.kindle_mail: if to_save.get("kindle_mail", current_user.kindle_mail) != current_user.kindle_mail:
current_user.kindle_mail = valid_email(to_save.get("kindle_mail")) current_user.kindle_mail = valid_email(to_save.get("kindle_mail"))
if to_save.get("email", current_user.email) != current_user.email: if to_save.get("email", current_user.email) != current_user.email: